Don't get caught on the Hacker's hook.

Trophy Phishing

Introduction:

People keep clicking the links and downloading the files, so why would the hackers stop sending them?

Hackers are on the hunt for their next big trophy phishing catch, and they are waiting for you to take the bait. This newsletter covers the top targets that hackers have in their sights, the bait and tactics they use to catch them and the defensive solutions you need to have in place to protect your employees and customers.

Hackers Favourite Lures:

• Spear Fishing: Spear phishing attacks take a much more targeted approach, requiring the hacker to study the victim before drafting the perfect email.
• Executive Whaling: Targets the top executives and administrators, focused on siphoning off money from accounts or stealing confidential data.
• Phishing: Phishing emails take a large sweep approach to attacking users and acquiring sensitive information.
• Social Engineering: A way to mine information from social media sites to gain insight into how to craft the emails

Who are your organisation's top targets?

Every layer of your business has a trophy target just waiting to get caught on the hacker's hook. The best way you can protect them is to know the type of bait that the hacker will try to use and educate them on how to spot these threats when they cross their inbox. Learn more about the top 5 trophy targets in your organisation and the bait hackers will use against them.

Trophy Target: CEO

It’s easy enough for hackers to find information on a company. Just a quick search of the company page, or social media sites like LinkedIn, makes it easy for them to find the names, email addresses of members of finance or legal teams.

A simple email with a spoofed email address from a clerk on the legal team and a subject line with the threat of a lawsuit is sure to make even a CEO click any link.

Trophy Target: Finance

If the CEO asks you to do something, it’s usually in your best interest to do what they’re asking (within reason). So, if you’re on the finance team and the CEO asks you to transfer some funds, why would you second guess that? Hackers understand this, which is why they’ll often spoof an email from the boss to get quick action from any employee. If they take the bait and click the transfer link, they’ll be handing account information right over to the hacker.

Trophy Target: Sales

Salespeople are used to fielding emails and phone calls from prospective clients and customers. They’re eager to respond to any email that comes through that could be the next big catch. It’s easy enough for a hacker to find a salesperson’s information (I mean… you know they’re on LinkedIn) and they can be pretty confident that any email they send will at least be opened. A credential theft from these users would provide access to customer lists, pricing sheets, and confidential deal information.

Stealing their accounts will also allow for a new phishing attack vector to members of the finance, management, and account teams, who would trust messages from the salesperson. This is the trophy phish that leads to many other great catches!

Trophy Target: HR

Regardless of the standard practices, members of your human resources team are used to receiving resumes via email. And while they might not open everyone, hackers know that if they craft the right email there’s a chance that the HR team could open the email and download the attachment. From there, the hacker has access to sensitive employee information, including social security numbers, addresses, phones numbers, even the details of emergency contacts.

Trophy Target: Operations

Shipping attachments for UPS and DHL orders are another common way that attackers gain access to your business. Operations and facilities team members (or even regular staff that often receive shipments) are used to receiving these types of emails with an attachment containing important shipping information. Subject lines like “missing package” or “issue with delivery” are certainly going to get their attention. Hackers know that even if this part of your organisation isn’t expecting a shipment, they’re still pretty likely to open that email and click that link or download that attachment.

How to keep off the hacker's hook.

While these phishing attacks can leave you swimming away towards calmer waters, having the right defences in place can keep you, your employees and your customers protected. Crusade offers a robust portfolio of security solutions to ensure that you’re secure at every layer and against every type of attack.

If you'd like more information on how I can protect your business, please drop me a DM.